From 7ccec16d69d31fbc56745633c22e96ba8f9d4fb6 Mon Sep 17 00:00:00 2001 From: Ilija Lazoroski Date: Wed, 4 Aug 2021 13:49:22 +0200 Subject: [PATCH 01/18] BB: Improve shellshock and ssh. --- envs/monkey_zoo/blackbox/config_templates/shellshock.py | 2 ++ envs/monkey_zoo/blackbox/config_templates/ssh.py | 4 +++- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/envs/monkey_zoo/blackbox/config_templates/shellshock.py b/envs/monkey_zoo/blackbox/config_templates/shellshock.py index ba1a8f915..b3620e5b9 100644 --- a/envs/monkey_zoo/blackbox/config_templates/shellshock.py +++ b/envs/monkey_zoo/blackbox/config_templates/shellshock.py @@ -11,5 +11,7 @@ class ShellShock(ConfigTemplate): { "basic.exploiters.exploiter_classes": ["ShellShockExploiter"], "basic_network.scope.subnet_scan_list": ["10.2.2.8"], + "internal.network.tcp_scanner.HTTP_PORTS": [80, 8080], + "internal.network.tcp_scanner.tcp_target_ports": [], } ) diff --git a/envs/monkey_zoo/blackbox/config_templates/ssh.py b/envs/monkey_zoo/blackbox/config_templates/ssh.py index 3cff3222a..16e7f7e95 100644 --- a/envs/monkey_zoo/blackbox/config_templates/ssh.py +++ b/envs/monkey_zoo/blackbox/config_templates/ssh.py @@ -13,6 +13,8 @@ class Ssh(ConfigTemplate): "basic_network.scope.subnet_scan_list": ["10.2.2.11", "10.2.2.12"], "basic.credentials.exploit_password_list": ["Password1!", "12345678", "^NgDvY59~8"], "basic.credentials.exploit_user_list": ["Administrator", "m0nk3y", "user"], - "internal.classes.finger_classes": ["SSHFinger", "PingScanner", "HTTPFinger"], + "internal.classes.finger_classes": ["SSHFinger", "PingScanner"], + "internal.network.tcp_scanner.HTTP_PORTS": [], + "internal.network.tcp_scanner.tcp_target_ports": [22], } ) From e36cd72a70cce689b21840e9f8156eaa8d30f4a5 Mon Sep 17 00:00:00 2001 From: Mike Salvatore Date: Wed, 4 Aug 2021 09:30:26 -0400 Subject: [PATCH 02/18] BB: Limit scanned ports for elastic test --- envs/monkey_zoo/blackbox/config_templates/elastic.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/envs/monkey_zoo/blackbox/config_templates/elastic.py b/envs/monkey_zoo/blackbox/config_templates/elastic.py index 50d63b72d..0a89b9cc3 100644 --- a/envs/monkey_zoo/blackbox/config_templates/elastic.py +++ b/envs/monkey_zoo/blackbox/config_templates/elastic.py @@ -14,5 +14,7 @@ class Elastic(ConfigTemplate): "internal.classes.finger_classes": ["PingScanner", "HTTPFinger", "ElasticFinger"], "basic_network.scope.subnet_scan_list": ["10.2.2.4", "10.2.2.5"], "basic_network.scope.depth": 1, + "internal.network.tcp_scanner.HTTP_PORTS": [9200], + "internal.network.tcp_scanner.tcp_target_ports": [], } ) From f58c9354fc8e43bba18ba4fb2ca04947df6bb948 Mon Sep 17 00:00:00 2001 From: Mike Salvatore Date: Wed, 4 Aug 2021 09:59:23 -0400 Subject: [PATCH 03/18] BB: Limit scanned ports for mssql test --- envs/monkey_zoo/blackbox/config_templates/mssql.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/envs/monkey_zoo/blackbox/config_templates/mssql.py b/envs/monkey_zoo/blackbox/config_templates/mssql.py index 61249044c..13d1c728e 100644 --- a/envs/monkey_zoo/blackbox/config_templates/mssql.py +++ b/envs/monkey_zoo/blackbox/config_templates/mssql.py @@ -10,6 +10,7 @@ class Mssql(ConfigTemplate): config_values.update( { "basic.exploiters.exploiter_classes": ["MSSQLExploiter"], + "internal.classes.finger_classes": ["PingScanner"], "basic_network.scope.subnet_scan_list": ["10.2.2.16"], "basic.credentials.exploit_password_list": [ "Password1!", @@ -18,5 +19,7 @@ class Mssql(ConfigTemplate): "12345678", ], "basic.credentials.exploit_user_list": ["Administrator", "m0nk3y", "user"], + "internal.network.tcp_scanner.HTTP_PORTS": [], + "internal.network.tcp_scanner.tcp_target_ports": [3389], } ) From 862a64b3036e761572a74009160028951eeff7bc Mon Sep 17 00:00:00 2001 From: Ilija Lazoroski Date: Wed, 4 Aug 2021 15:45:02 +0200 Subject: [PATCH 04/18] BB: Improve Drupal performance --- envs/monkey_zoo/blackbox/config_templates/drupal.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/envs/monkey_zoo/blackbox/config_templates/drupal.py b/envs/monkey_zoo/blackbox/config_templates/drupal.py index 28c50872e..388a47a42 100644 --- a/envs/monkey_zoo/blackbox/config_templates/drupal.py +++ b/envs/monkey_zoo/blackbox/config_templates/drupal.py @@ -12,5 +12,7 @@ class Drupal(ConfigTemplate): "internal.classes.finger_classes": ["PingScanner", "HTTPFinger"], "basic.exploiters.exploiter_classes": ["DrupalExploiter"], "basic_network.scope.subnet_scan_list": ["10.2.2.28"], + "internal.network.tcp_scanner.HTTP_PORTS": [80], + "internal.network.tcp_scanner.tcp_target_ports": [], } ) From 3136921beb62f9bdf11b4f9cd9693a811da01500 Mon Sep 17 00:00:00 2001 From: Mike Salvatore Date: Wed, 4 Aug 2021 12:36:23 -0400 Subject: [PATCH 05/18] BB: Limit scanned ports for hadoop test --- envs/monkey_zoo/blackbox/config_templates/hadoop.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/envs/monkey_zoo/blackbox/config_templates/hadoop.py b/envs/monkey_zoo/blackbox/config_templates/hadoop.py index 86540bde6..8238909fd 100644 --- a/envs/monkey_zoo/blackbox/config_templates/hadoop.py +++ b/envs/monkey_zoo/blackbox/config_templates/hadoop.py @@ -12,5 +12,7 @@ class Hadoop(ConfigTemplate): { "basic.exploiters.exploiter_classes": ["HadoopExploiter"], "basic_network.scope.subnet_scan_list": ["10.2.2.2", "10.2.2.3"], + "internal.network.tcp_scanner.HTTP_PORTS": [], + "internal.network.tcp_scanner.tcp_target_ports": [8088], } ) From 833ebf9fd0aadc53581ee750346a0c704a4a8748 Mon Sep 17 00:00:00 2001 From: Mike Salvatore Date: Wed, 4 Aug 2021 12:56:42 -0400 Subject: [PATCH 06/18] BB: Limit scanned ports for smb and mimikatz --- envs/monkey_zoo/blackbox/config_templates/smb_mimikatz.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/envs/monkey_zoo/blackbox/config_templates/smb_mimikatz.py b/envs/monkey_zoo/blackbox/config_templates/smb_mimikatz.py index 7a8d9060c..8c970d2d4 100644 --- a/envs/monkey_zoo/blackbox/config_templates/smb_mimikatz.py +++ b/envs/monkey_zoo/blackbox/config_templates/smb_mimikatz.py @@ -14,6 +14,8 @@ class SmbMimikatz(ConfigTemplate): "basic.credentials.exploit_password_list": ["Password1!", "Ivrrw5zEzs"], "basic.credentials.exploit_user_list": ["Administrator", "m0nk3y", "user"], "internal.classes.finger_classes": ["SMBFinger", "PingScanner", "HTTPFinger"], + "internal.network.tcp_scanner.HTTP_PORTS": [], + "internal.network.tcp_scanner.tcp_target_ports": [445], "monkey.system_info.system_info_collector_classes": [ "EnvironmentCollector", "HostnameCollector", From efd512cbadcb4d16b2567ef032332d9788d7f16b Mon Sep 17 00:00:00 2001 From: Mike Salvatore Date: Wed, 4 Aug 2021 12:57:08 -0400 Subject: [PATCH 07/18] BB: Limit scanned ports for wmi and mimikatz --- envs/monkey_zoo/blackbox/config_templates/wmi_mimikatz.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/envs/monkey_zoo/blackbox/config_templates/wmi_mimikatz.py b/envs/monkey_zoo/blackbox/config_templates/wmi_mimikatz.py index b23f73902..8c484e7b2 100644 --- a/envs/monkey_zoo/blackbox/config_templates/wmi_mimikatz.py +++ b/envs/monkey_zoo/blackbox/config_templates/wmi_mimikatz.py @@ -13,6 +13,8 @@ class WmiMimikatz(ConfigTemplate): "basic_network.scope.subnet_scan_list": ["10.2.2.14", "10.2.2.15"], "basic.credentials.exploit_password_list": ["Password1!", "Ivrrw5zEzs"], "basic.credentials.exploit_user_list": ["Administrator", "m0nk3y", "user"], + "internal.network.tcp_scanner.HTTP_PORTS": [], + "internal.network.tcp_scanner.tcp_target_ports": [135], "monkey.system_info.system_info_collector_classes": [ "EnvironmentCollector", "HostnameCollector", From 472c54814af88e321c7599b977a1430802e760f9 Mon Sep 17 00:00:00 2001 From: Mike Salvatore Date: Wed, 4 Aug 2021 13:15:24 -0400 Subject: [PATCH 08/18] BB: Limit scanned ports for struts exploiter --- envs/monkey_zoo/blackbox/config_templates/struts2.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/envs/monkey_zoo/blackbox/config_templates/struts2.py b/envs/monkey_zoo/blackbox/config_templates/struts2.py index 03b8ef38e..b524577d0 100644 --- a/envs/monkey_zoo/blackbox/config_templates/struts2.py +++ b/envs/monkey_zoo/blackbox/config_templates/struts2.py @@ -12,5 +12,7 @@ class Struts2(ConfigTemplate): { "basic.exploiters.exploiter_classes": ["Struts2Exploiter"], "basic_network.scope.subnet_scan_list": ["10.2.2.23", "10.2.2.24"], + "internal.network.tcp_scanner.HTTP_PORTS": [80, 8080], + "internal.network.tcp_scanner.tcp_target_ports": [80, 8080], } ) From 5143d03915b51d2693056770cf5ea46da7032048 Mon Sep 17 00:00:00 2001 From: Mike Salvatore Date: Wed, 4 Aug 2021 13:15:49 -0400 Subject: [PATCH 09/18] BB: Fix "Strtuts2" typo --- envs/monkey_zoo/blackbox/test_blackbox.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/envs/monkey_zoo/blackbox/test_blackbox.py b/envs/monkey_zoo/blackbox/test_blackbox.py index 4ac806588..5cd67d7ec 100644 --- a/envs/monkey_zoo/blackbox/test_blackbox.py +++ b/envs/monkey_zoo/blackbox/test_blackbox.py @@ -171,7 +171,7 @@ class TestMonkeyBlackbox: TestMonkeyBlackbox.run_exploitation_test(island_client, Elastic, "Elastic_exploiter") def test_struts_exploiter(self, island_client): - TestMonkeyBlackbox.run_exploitation_test(island_client, Struts2, "Strtuts2_exploiter") + TestMonkeyBlackbox.run_exploitation_test(island_client, Struts2, "Struts2_exploiter") def test_weblogic_exploiter(self, island_client): TestMonkeyBlackbox.run_exploitation_test(island_client, Weblogic, "Weblogic_exploiter") From 4d9162d1686c2d15f646f75a3a946066e3c753a2 Mon Sep 17 00:00:00 2001 From: Mike Salvatore Date: Wed, 4 Aug 2021 13:28:46 -0400 Subject: [PATCH 10/18] BB: Limit scanned ports for weblogic test --- envs/monkey_zoo/blackbox/config_templates/weblogic.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/envs/monkey_zoo/blackbox/config_templates/weblogic.py b/envs/monkey_zoo/blackbox/config_templates/weblogic.py index 21b7eed0c..10bdadd11 100644 --- a/envs/monkey_zoo/blackbox/config_templates/weblogic.py +++ b/envs/monkey_zoo/blackbox/config_templates/weblogic.py @@ -12,5 +12,7 @@ class Weblogic(ConfigTemplate): { "basic.exploiters.exploiter_classes": ["WebLogicExploiter"], "basic_network.scope.subnet_scan_list": ["10.2.2.18", "10.2.2.19"], + "internal.network.tcp_scanner.HTTP_PORTS": [7001], + "internal.network.tcp_scanner.tcp_target_ports": [], } ) From 0c235687568fb9b63eac5965a992ebf76a2c8993 Mon Sep 17 00:00:00 2001 From: Mike Salvatore Date: Wed, 4 Aug 2021 13:31:39 -0400 Subject: [PATCH 11/18] BB: Limit scanned ports for zerologon test --- envs/monkey_zoo/blackbox/config_templates/zerologon.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/envs/monkey_zoo/blackbox/config_templates/zerologon.py b/envs/monkey_zoo/blackbox/config_templates/zerologon.py index 2eec0f4f0..93ebd5301 100644 --- a/envs/monkey_zoo/blackbox/config_templates/zerologon.py +++ b/envs/monkey_zoo/blackbox/config_templates/zerologon.py @@ -14,5 +14,7 @@ class Zerologon(ConfigTemplate): "basic_network.scope.subnet_scan_list": ["10.2.2.25"], # Empty list to make sure ZeroLogon adds "Administrator" username "basic.credentials.exploit_user_list": [], + "internal.network.tcp_scanner.HTTP_PORTS": [], + "internal.network.tcp_scanner.tcp_target_ports": [135, 445], } ) From e946b547c7796a8830a8bf772fc168a638a2b815 Mon Sep 17 00:00:00 2001 From: Mike Salvatore Date: Wed, 4 Aug 2021 13:52:22 -0400 Subject: [PATCH 12/18] BB: Limit scanned ports for WMI PTH test --- envs/monkey_zoo/blackbox/config_templates/wmi_pth.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/envs/monkey_zoo/blackbox/config_templates/wmi_pth.py b/envs/monkey_zoo/blackbox/config_templates/wmi_pth.py index 92746c3df..84e7f3f70 100644 --- a/envs/monkey_zoo/blackbox/config_templates/wmi_pth.py +++ b/envs/monkey_zoo/blackbox/config_templates/wmi_pth.py @@ -14,6 +14,8 @@ class WmiPth(ConfigTemplate): "basic.credentials.exploit_password_list": ["Password1!"], "basic.credentials.exploit_user_list": ["Administrator", "m0nk3y", "user"], "internal.classes.finger_classes": ["PingScanner", "HTTPFinger"], + "internal.network.tcp_scanner.HTTP_PORTS": [], + "internal.network.tcp_scanner.tcp_target_ports": [135], "internal.exploits.exploit_ntlm_hash_list": [ "5da0889ea2081aa79f6852294cba4a5e", "50c9987a6bf1ac59398df9f911122c9b", From 8d992f41d37635441ede5edc0460386c8727c594 Mon Sep 17 00:00:00 2001 From: Mike Salvatore Date: Wed, 4 Aug 2021 13:53:20 -0400 Subject: [PATCH 13/18] BB: Update config_values with smb_pth settings --- .../blackbox/config_templates/smb_pth.py | 24 ++++++++++--------- 1 file changed, 13 insertions(+), 11 deletions(-) diff --git a/envs/monkey_zoo/blackbox/config_templates/smb_pth.py b/envs/monkey_zoo/blackbox/config_templates/smb_pth.py index b8b54090d..c717a6c55 100644 --- a/envs/monkey_zoo/blackbox/config_templates/smb_pth.py +++ b/envs/monkey_zoo/blackbox/config_templates/smb_pth.py @@ -7,14 +7,16 @@ from envs.monkey_zoo.blackbox.config_templates.config_template import ConfigTemp class SmbPth(ConfigTemplate): config_values = copy(BaseTemplate.config_values) - config_value_list = { - "basic.exploiters.exploiter_classes": ["SmbExploiter"], - "basic_network.scope.subnet_scan_list": ["10.2.2.15"], - "basic.credentials.exploit_password_list": ["Password1!", "Ivrrw5zEzs"], - "basic.credentials.exploit_user_list": ["Administrator", "m0nk3y", "user"], - "internal.classes.finger_classes": ["SMBFinger", "PingScanner", "HTTPFinger"], - "internal.classes.exploits.exploit_ntlm_hash_list": [ - "5da0889ea2081aa79f6852294cba4a5e", - "50c9987a6bf1ac59398df9f911122c9b", - ], - } + config_values.update( + { + "basic.exploiters.exploiter_classes": ["SmbExploiter"], + "basic_network.scope.subnet_scan_list": ["10.2.2.15"], + "basic.credentials.exploit_password_list": ["Password1!", "Ivrrw5zEzs"], + "basic.credentials.exploit_user_list": ["Administrator", "m0nk3y", "user"], + "internal.classes.finger_classes": ["SMBFinger", "PingScanner", "HTTPFinger"], + "internal.classes.exploits.exploit_ntlm_hash_list": [ + "5da0889ea2081aa79f6852294cba4a5e", + "50c9987a6bf1ac59398df9f911122c9b", + ], + } + ) From c34a3036283083f5c253bcf8c5cd4398dc0f9e87 Mon Sep 17 00:00:00 2001 From: Mike Salvatore Date: Wed, 4 Aug 2021 13:53:42 -0400 Subject: [PATCH 14/18] BB: Limit scanned ports for SMB PTH test --- envs/monkey_zoo/blackbox/config_templates/smb_pth.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/envs/monkey_zoo/blackbox/config_templates/smb_pth.py b/envs/monkey_zoo/blackbox/config_templates/smb_pth.py index c717a6c55..89a379d15 100644 --- a/envs/monkey_zoo/blackbox/config_templates/smb_pth.py +++ b/envs/monkey_zoo/blackbox/config_templates/smb_pth.py @@ -14,6 +14,8 @@ class SmbPth(ConfigTemplate): "basic.credentials.exploit_password_list": ["Password1!", "Ivrrw5zEzs"], "basic.credentials.exploit_user_list": ["Administrator", "m0nk3y", "user"], "internal.classes.finger_classes": ["SMBFinger", "PingScanner", "HTTPFinger"], + "internal.network.tcp_scanner.HTTP_PORTS": [], + "internal.network.tcp_scanner.tcp_target_ports": [445], "internal.classes.exploits.exploit_ntlm_hash_list": [ "5da0889ea2081aa79f6852294cba4a5e", "50c9987a6bf1ac59398df9f911122c9b", From ee77869357676c72914f81dee7892780a115b068 Mon Sep 17 00:00:00 2001 From: Mike Salvatore Date: Wed, 4 Aug 2021 14:53:55 -0400 Subject: [PATCH 15/18] BB: Limit propagation depth to 1 for most tests --- envs/monkey_zoo/blackbox/config_templates/base_template.py | 1 + envs/monkey_zoo/blackbox/config_templates/ssh.py | 1 + 2 files changed, 2 insertions(+) diff --git a/envs/monkey_zoo/blackbox/config_templates/base_template.py b/envs/monkey_zoo/blackbox/config_templates/base_template.py index 0227724fc..f55328312 100644 --- a/envs/monkey_zoo/blackbox/config_templates/base_template.py +++ b/envs/monkey_zoo/blackbox/config_templates/base_template.py @@ -7,6 +7,7 @@ class BaseTemplate(ConfigTemplate): config_values = { "basic.exploiters.exploiter_classes": [], "basic_network.scope.local_network_scan": False, + "basic_network.scope.depth": 1, "internal.classes.finger_classes": ["PingScanner", "HTTPFinger"], "internal.monkey.system_info.system_info_collector_classes": [ "EnvironmentCollector", diff --git a/envs/monkey_zoo/blackbox/config_templates/ssh.py b/envs/monkey_zoo/blackbox/config_templates/ssh.py index 16e7f7e95..8099e50a6 100644 --- a/envs/monkey_zoo/blackbox/config_templates/ssh.py +++ b/envs/monkey_zoo/blackbox/config_templates/ssh.py @@ -12,6 +12,7 @@ class Ssh(ConfigTemplate): "basic.exploiters.exploiter_classes": ["SSHExploiter"], "basic_network.scope.subnet_scan_list": ["10.2.2.11", "10.2.2.12"], "basic.credentials.exploit_password_list": ["Password1!", "12345678", "^NgDvY59~8"], + "basic_network.scope.depth": 2, "basic.credentials.exploit_user_list": ["Administrator", "m0nk3y", "user"], "internal.classes.finger_classes": ["SSHFinger", "PingScanner"], "internal.network.tcp_scanner.HTTP_PORTS": [], From f6b52d90312e1ce8d80cd8a9c4e26af9fc92a80a Mon Sep 17 00:00:00 2001 From: Mike Salvatore Date: Wed, 4 Aug 2021 14:49:28 -0400 Subject: [PATCH 16/18] BB: Don't wait so long for monkeys to die With the propagation depth set to 1 for most tests and the number of scanned ports limited, we don't need such a large delay when waiting for monkeys to die. --- envs/monkey_zoo/blackbox/tests/exploitation.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/envs/monkey_zoo/blackbox/tests/exploitation.py b/envs/monkey_zoo/blackbox/tests/exploitation.py index e3397b949..ddc6bc9c2 100644 --- a/envs/monkey_zoo/blackbox/tests/exploitation.py +++ b/envs/monkey_zoo/blackbox/tests/exploitation.py @@ -6,8 +6,8 @@ from envs.monkey_zoo.blackbox.tests.basic_test import BasicTest from envs.monkey_zoo.blackbox.utils.test_timer import TestTimer MAX_TIME_FOR_MONKEYS_TO_DIE = 5 * 60 -WAIT_TIME_BETWEEN_REQUESTS = 10 -TIME_FOR_MONKEY_PROCESS_TO_FINISH = 40 +WAIT_TIME_BETWEEN_REQUESTS = 5 +TIME_FOR_MONKEY_PROCESS_TO_FINISH = 10 DELAY_BETWEEN_ANALYSIS = 3 LOGGER = logging.getLogger(__name__) From ded9c0343023caa1a4218b0b4680389e4d2726e2 Mon Sep 17 00:00:00 2001 From: Mike Salvatore Date: Wed, 4 Aug 2021 15:20:34 -0400 Subject: [PATCH 17/18] Update changelog with BB test performance improvements --- CHANGELOG.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index f4146a696..59d20c442 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -36,6 +36,9 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - `server_config.json` puts environment config options in a separate section named "environment". #1161 - BlackBox tests can now register if they are ran on a fresh installation. #1180 +- Limit the ports used for scanning in blackbox tests. #1368 +- Limit the propagation depth of most blackbox tests. #1400 +- Blackbox tests wait less time for monkeys to die. #1400 - Improved the structure of unit tests by scoping fixtures only to relevant modules instead of having a one huge fixture file, improved and renamed the directory structure of unit tests and unit test infrastructure. #1178 From e393374ae62894dc8a58aee0395b7adf9041b53c Mon Sep 17 00:00:00 2001 From: Ilija Lazoroski Date: Thu, 5 Aug 2021 10:36:33 +0200 Subject: [PATCH 18/18] BB: Increase scope depth for Struts2 --- envs/monkey_zoo/blackbox/config_templates/struts2.py | 1 + 1 file changed, 1 insertion(+) diff --git a/envs/monkey_zoo/blackbox/config_templates/struts2.py b/envs/monkey_zoo/blackbox/config_templates/struts2.py index b524577d0..3997557b3 100644 --- a/envs/monkey_zoo/blackbox/config_templates/struts2.py +++ b/envs/monkey_zoo/blackbox/config_templates/struts2.py @@ -11,6 +11,7 @@ class Struts2(ConfigTemplate): config_values.update( { "basic.exploiters.exploiter_classes": ["Struts2Exploiter"], + "basic_network.scope.depth": 2, "basic_network.scope.subnet_scan_list": ["10.2.2.23", "10.2.2.24"], "internal.network.tcp_scanner.HTTP_PORTS": [80, 8080], "internal.network.tcp_scanner.tcp_target_ports": [80, 8080],